Research Article

A Review on Software Development Security Engineering using Dynamic System Method (DSDM)

by Abdullahi Sani, Adila Firdaus, Seung Ryul Jeong, Imran Ghani
International Journal of Computer Applications
Foundation of Computer Science (FCS), NY, USA
Volume 69 - Number 25
Year of Publication: 2013
DOI: 10.5120/12131-8527

Abdullahi Sani, Adila Firdaus, Seung Ryul Jeong, Imran Ghani. A Review on Software Development Security Engineering using Dynamic System Method (DSDM). International Journal of Computer Applications. 69, 25 (May 2013), 33-44. DOI=10.5120/12131-8527

@article{ 10.5120/12131-8527,
author = { Abdullahi Sani, Adila Firdaus, Seung Ryul Jeong, Imran Ghani },
title = { A Review on Software Development Security Engineering using Dynamic System Method (DSDM) },
journal = { International Journal of Computer Applications },
issue_date = { May 2013 },
volume = { 69 },
number = { 25 },
month = { May },
year = { 2013 },
issn = { 0975-8887 },
pages = { 33-44 },
numpages = {9},
url = { https://ijcaonline.org/archives/volume69/number25/12131-8527/ },
doi = { 10.5120/12131-8527 },
publisher = {Foundation of Computer Science (FCS), NY, USA},
address = {New York, USA}
}
Abstract

Agile methodologies such as Scrum, Extreme Programming (XP), Feature Driven Development (FDD) and the Dynamic System Development Method (DSDM) have gained enough recognition as efficient development processes by delivering software fast even under time constraints. However, like other agile methods, DSDM has been criticized for the absence of a security element in its four phases. To take a deeper look into the matter, we conducted a literature review. Our findings highlight that, in its current form, DSDM does not support developing secure software. Although there is some research on this topic for Scrum, XP and FDD, based on our findings there is no research on developing secure software using DSDM. Thus, in our future work we intend to propose an enhanced DSDM that caters for the security aspects of software development.

Index Terms

Computer Science
Information Sciences

Keywords

Agile Development, Software Security, Software Engineering, Dynamic System Development Method, DSDM